JP7009736B2 - Information processing equipment, control methods, programs, devices and information processing systems - Google Patents

Description

The present invention relates to information processing devices, control methods, programs, devices and information processing systems.

In recent years, many devices (devices) such as PCs (personal computers) have already been connected via networks, and not only Internet communication but also clouds, Web services, ASPs (Application Service Providers), etc. The network service called is also expanding.

Among them, the Internet of Things (IoT), which connects things including devices other than personal computers to the Internet, has come to be known.

For example, it is known that not only computers and computer networks but also everyday objects can be readable, recognizable, locable, addressable and controllable by IoT communication networks (see, eg, Patent Document 1). ).

Further, machine-to-machine (M2M) communication is also known in which machines connected to a communication network execute communication without human intervention and automatically control appropriate machines. In the conventional machine-to-machine communication, data transmitted from a device (M2M device) that performs machine-to-machine communication via a communication network is stored, and a service execution environment based on the data is provided (for example, a patent). See Document 2).

In this way, IoT and machine-to-machine communication are examples of system forms in which various devices in the world are connected via a network. Conventionally, devices (IoT devices) connected to a network in order to realize IoT have been linked and controlled by machine-to-machine communication. A series of operations performed by such IoT devices in cooperation with each other may be defined as a control flow in an organizational unit such as a company. However, when a series of operations performed by IoT devices in cooperation is defined as a control flow in an organizational unit such as a company, a unit of IoT devices belonging to a specific group such as an IoT device arranged in a certain office. Could not be defined individually.

It is an object of the present invention to provide an information processing apparatus capable of individually defining a control flow for each device belonging to a group.

In order to achieve the above-mentioned problems, claim 1 of the present application effectively controls the processing of one or more devices belonging to the group based on the data transmitted from one or more devices belonging to the group via the network. An information processing device controlled by a flow , the first role of a first user to which the corresponding processing is permitted and the second user to which the corresponding processing is prohibited for each of a plurality of different processes of the device. A control for associating a policy data storage means for storing policy data in which the second role of the above is set in a group unit with a condition and a plurality of different processes of the device executed when the condition is satisfied. A plurality of control flow storage means for storing flows in group units, and a plurality of devices executed when the user who requests the execution of the control flow satisfies the conditions of the control flow requested to be executed. Whether the first user is allowed to perform any of the different processes in the policy data, or the second user is prohibited from performing any of the different processes in the policy data. Is determined based on the requested user's role and the policy data, and if it is determined to be the first user, the control flow is enabled to obtain the enabled control flow. Based on this, a plurality of different processes of the device are controlled in the group unit, and when it is determined that the user is the second user, the plurality of different processes of the device including the process of the prohibited device correspond. It is characterized by having a control flow implementing means that does not implement the entire control flow attached .

According to the embodiment of the present invention, the control flow can be individually defined for each device belonging to the group.

It is a block diagram of an example of the information processing system which concerns on 1st Embodiment. It is a hardware block diagram of an example of a computer. It is a hardware block diagram of an example of an image forming apparatus. It is a hardware block diagram of an example of an IoT controller. It is a processing block diagram of an example of the IoT server which concerns on this embodiment. It is a processing block diagram of an example of an operation panel and an image forming apparatus which concerns on this embodiment. It is a processing block diagram of an example of the IoT controller which concerns on this embodiment. It is a processing block diagram of an example of the IoT device which concerns on this embodiment. It is a flowchart of an example of IoT device control processing which concerns on this embodiment. It is a block diagram of an example of a control flow. It is a flowchart of an example of the process of step S12. It is a flowchart of an example of the process of step S13. It is a block diagram of an example of an IoT device control policy. It is a flowchart of another example of the process of step S13. It is an image diagram of an example of a control flow creation screen. It is a block diagram of another example of the information processing system which concerns on 1st Embodiment.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[First Embodiment]
<System configuration>
FIG. 1 is a block diagram of an example of an information processing system according to the first embodiment. The information processing system 1 of FIG. 1 is an example in which one or more IoT devices 30 are arranged in an office. The image forming apparatus 22 in FIG. 1 is an example of an IoT device. An IoT controller 24, an IC card reader 26, and an operation panel 28 are connected to the image forming apparatus 22.

The image forming apparatus 22 and the IoT device 30 are connected via an IoT network 42 such as a LAN. Further, the IoT network 42 is connected to the IoT server 10 via a network 40 such as a firewall 20 and the Internet.

The IoT server 10 provides the policy data and control flow data described later to the IoT controller 24. Further, the IoT server 10 stores report data transmitted from the IoT controller 24 as described later. The image forming apparatus 22 is an example of an electronic device that is likely to be installed in an office.

The image forming apparatus 22 may be a laser printer, a multifunction printer, a projector, an electronic blackboard, a video conferencing apparatus, an industrial or household appliance having a communication function, a medical device having a communication function, or the like. ..

The image forming apparatus 22 can authenticate the user by using the IC card reader 26. Further, the image forming apparatus 22 can display information to the user and receive instructions from the user by using the operation panel 28.

The IoT controller 24 communicates with the IoT server 10 and the IoT device 30 by using the communication function of the image forming apparatus 22. When the IoT controller 24 is configured to have a communication function, for example, it is provided with a wireless communication module, the IoT controller 24 itself is used to communicate with the IoT server 10 and the IoT device 30. You may.
The IoT controller 24 may be in the form of an expansion board built in the image forming apparatus 22 or in the form of being externally attached, or in the form of a housing installed in the vicinity of the image forming apparatus 22.

The IoT controller 24 stores the policy data and control flow data described later provided by the IoT server 10. The control flow data provided from the IoT server 10 is data for collectively managing the control of the IoT device 30 in the entire organization such as a company.

Further, the IoT controller 24 stores the control flow data created in the image forming apparatus 22 as described later. The control flow data created in the image forming apparatus 22 is, for example, data for individually managing the control of the IoT device 30 in a specific group unit included in the entire organization. A group is a concept that indicates the units that make up an organization. The unit constituting the organization may be represented by a physical place such as an office, or may be represented by a relationship between organizations such as departments.

The IoT controller 24 can control the processing of the IoT device 30 by executing a control flow selected by the user. For example, when the IoT controller 24 receives the IoT device data from the IoT device 30, it determines whether or not the conditions of the control flow being executed are met, and controls the IoT device 30 according to the control flow that matches the conditions. The control flow being executed means that the control flow is valid (effective control flow).
In this way, the IoT controller 24 can control the IoT device 30 installed in the same office as an IoT device 30 belonging to a specific group by a control flow.

In addition to the image forming apparatus 22, various devices (devices) that can be connected via the network 42 can be applied to the information processing system 1. For convenience of explanation of the embodiment of the present invention, these devices (devices) are referred to as "IoT devices", but the present invention is not limited thereto.

The "IoT device" in the present embodiment refers to a device connected to a network in order to realize the Internet of Things (IoT). An IoT device is a device including an electronic device, a sensor, and the like having an addressable communication interface for communicating using a network. In this embodiment, as an example of an IoT device, a PC, a mobile device such as a smartphone or tablet terminal, a wearable device, an air conditioning device such as an air conditioner, a lighting device, an image forming device such as a multifunction device or a printer, a scanner, an electronic blackboard, a projector, etc. A sensor such as a temperature sensor or an acceleration sensor, a camera, a television, a voice conference device, or the like is shown, but the present invention is not limited thereto. IoT devices include various devices such as refrigerators, televisions and vending machines.

The mobile device mentioned as an example of the IoT device is, for example, a device such as a smartphone or a tablet terminal as a mobile communication terminal capable of communicating with the image forming apparatus 22 via the above-mentioned short-range wireless communication.

A smartphone is typically a terminal having multiple functions such as a call function as a mobile phone, an image pickup function by a camera, and a Web information display function like a PC. A tablet terminal is typically a tablet-type terminal that functions as a multifunctional terminal like a smartphone. Further, the wearable device is typically a device that can be worn on the head such as a user goggles, a wrist such as a watch, or a chest such as a neck stripe, but the wearable device is not limited to this and is possessed by the user. It may be attached to an object such as a hat, a school bag, or a bag. That is, in the present embodiment, the "mobile phone" can include both a case where it is directly worn by the user's body and a case where it is indirectly worn by the user's body, and can be worn in a pocket of clothes or the like. It may be left in place, worn in place (head, wrists, chest, etc.), or held in the hand.

Further, the IoT device 30 is a device such as an air conditioner, a lighting device, a multifunction device, an electronic blackboard, a projector, and a temperature sensor installed in an office. The IoT device 30 registers with the IoT controller 24 and transmits the IoT device data to the IoT controller 24. For example, when the IoT device 30 is a temperature sensor, the IoT device data is the output (temperature data) of the temperature sensor. Further, for example, when the IoT device 30 is an air conditioner, the IoT device data is ON / OFF of the air conditioner power supply, a set temperature, and the like.

The operation panel 28 can be realized by a computer such as a tablet PC. Further, the operation panel 28 is equipped with an application having a screen display function such as a Web browser. The application is not limited to a Web browser as long as it has a function of displaying a control flow creation screen for creating control flow data.

The configuration of the information processing system 1 shown in FIG. 1 is an example, and one or more server devices (proxy server, gateway server, etc.) may be interposed between the firewall 20 and the IoT server 10.

The IoT device 30 includes an image forming apparatus 22 including an IoT controller 24. Each IoT device 30 has an IP address of the IoT server 10 (or an IoT device 30 having an IoT controller 24), a port number for a communication interface, etc. for cooperation with the IoT server 10 (or another IoT device 30). Is set.

Each IoT device 30 periodically polls the IP address and the port number via a communication interface to inquire about the occurrence of some event. The inquiry includes, for example, identification information for identifying a communication destination such as an aircraft number. As for the communication interface of the IoT server 10, for example, if the machine number specified in the inquiry is the machine number stored in the IoT server 10, various data such as policy data is sent to the IoT device 30 corresponding to the machine number. You may reply.

The machine number is an example of the identification information for identifying the communication destination, and may be any identification information that can identify the communication destination. The identification information for identifying the communication destination includes address information that can identify the IoT device 30 on the network and identification information assigned to the IoT device 30 by the service provider or the administrator.

Further, the identification information that identifies the communication destination may be information that can be changed by the service provider or the administrator. For example, the identification information for identifying the communication destination stored in the IoT device 30 may be changed by a direct operation of the IoT device 30 or an operation from an operation terminal that has accessed the IoT device 30 via a network. Further, the identification information for identifying the communication destination may be stored in a recording medium 503a such as a SIM card included in the IoT device 30. By changing such a recording medium, the identification information that identifies the communication destination assigned to the IoT device 30 may be changed.

Further, the IoT server 10 may manage the IoT device 30 having the IoT controller 24 and the IoT device 30 not having the IoT controller 24 so as to be able to distinguish them. For example, the identification information of the IoT device 30 having the IoT controller 24 and the identification information of the IoT device 30 not having the IoT controller 24 may be managed separately in separate tables. Further, flag information indicating whether or not the IoT controller 24 may be possessed may be associated and managed for each identification information of the IoT device 30. Further, the method of assigning the identification information to be assigned may be changed depending on whether or not the IoT device 30 has the IoT controller 24.

In such a case, the IoT server 10 may transmit various data such as policy data only to the IoT device 30 having the IoT controller 24. Further, only the IoT device 30 having the IoT controller 24 may request various data such as policy data from the IoT server 10. The process of the IoT controller 24 acquiring various data such as policy data from the IoT server 10 will be described in detail later with reference to FIG. Here, the communication between the IoT server 10 and the IoT device 30 has been described. For communication between the IoT device 30 having the IoT controller 24 and the other IoT device 30 not having the IoT controller 24, the same method is used in the IoT controller 24 in which the other IoT device 30 is registered. You can poll for it.

However, if the firewall 20 does not exist between the IoT server 10 which is the external environment and the office in the present embodiment which is the user environment, the communication interface of the IoT server 10 determines the policy data for each IoT device 30. Various data such as may be sent. In this case, the device information stored in the policy data storage unit 55 may include the IP address, port number, and the like of the IoT device 30. The same applies to the communication between the above-mentioned IoT controller 24 and the IoT device 30 registered in the IoT controller 24.

Further, as shown in FIG. 16, for example, the IoT server 10 may be distributed and realized in a plurality of computers. FIG. 16 is a block diagram of another example of the information processing system according to the first embodiment. In FIG. 16, the IoT server 10 is realized in an external environment by coordinating a plurality of computers.

Further, some of the functions of the IoT server 10 may be provided in other servers. Further, the IoT device 30 installed in the same office shown in FIG. 1 is an example, and may be, for example, an IoT device 30 installed on the same floor of a building or an IoT device 30 installed in the same room. good.

<Hardware configuration>
"Computer"
The IoT server 10 and the operation panel 28 of FIG. 1 are realized by a computer having a hardware configuration as shown in FIG. 2, for example. FIG. 2 is a hardware configuration diagram of an example of a computer.

The computer 500 shown in FIG. 2 includes an input device 501, a display device 502, an external I / F 503, a RAM 504, a ROM 505, a CPU 506, a communication I / F 507, an HDD 508, and the like, and each of them is connected to each other by a bus B. The input device 501 and the display device 502 may be connected and used when necessary.

The input device 501 includes a keyboard, a mouse, a touch panel, and the like, and is used for the user to input each operation signal. The display device 502 includes a display and the like, and displays the processing result by the computer 500.

The communication I / F 507 is an interface for connecting the computer 500 to various networks. As a result, the computer 500 can perform data communication via the communication I / F 507.

Further, the HDD 508 is an example of a non-volatile storage device that stores programs and data. The stored programs and data include an OS, which is basic software that controls the entire computer 500, and an application that provides various functions on the OS. The computer 500 may use a drive device (for example, a solid state drive: SSD) that uses a flash memory as a storage medium instead of the HDD 508.

The external I / F 503 is an interface with an external device. The external device includes a recording medium 503a and the like. As a result, the computer 500 can read and / or write to the recording medium 503a via the external I / F 503. The recording medium 503a includes a flexible disk, a CD, a DVD, an SD memory card, a USB memory, a SIM card, and the like.

The ROM 505 is an example of a non-volatile semiconductor memory (storage device) capable of holding programs and data even when the power is turned off. The ROM 505 stores programs and data such as BIOS, OS settings, and network settings that are executed when the computer 500 is started. The RAM 504 is an example of a volatile semiconductor memory (storage device) that temporarily holds programs and data.

The CPU 506 is an arithmetic unit that realizes control and functions of the entire computer 500 by reading a program or data from a storage device such as a ROM 505 or an HDD 508 onto the RAM 504 and executing processing. The CPU 506 may be realized by one processor or a plurality of processors.

The IoT server 10 and the operation panel 28 can realize various processes as described later by, for example, the hardware configuration of the computer 500 shown in FIG.

<< Image forming device >>
In the case of a multifunction device, the image forming apparatus 22 of FIG. 1 is realized by, for example, a hardware configuration as shown in FIG. FIG. 3 is a hardware configuration diagram of an example of an image forming apparatus. The image forming apparatus 22 shown in FIG. 3 includes a controller 601, an external I / F 603, a communication I / F 604, a printer 605, a scanner 606, and the like.

The controller 601 includes a CPU 611, a RAM 612, a ROM 613, an NVRAM 614, an HDD 615, and the like. The ROM 613 stores various programs and data. The RAM 612 temporarily holds programs and data. NVRAM 614 stores, for example, setting information and the like. Further, the HDD 615 stores various programs and data.

The CPU 611 reads programs, data, setting information, etc. from the ROM 613, NVRAM 614, HDD 615, etc. onto the RAM 612, and executes processing to realize control and functions of the entire image forming apparatus 22.

The external I / F 603 is an interface with an external device. The external device includes, for example, an IoT controller 24, an IC card reader 26, an operation panel 28, a recording medium 603a, and the like. As a result, the image forming apparatus 22 can communicate with, for example, the IoT controller 24, the IC card reader 26, and the operation panel 28 via the external I / F 603. The operation panel 28 includes an input unit for receiving input from the user and a display unit for displaying.

Further, the image forming apparatus 22 can read and / or write the recording medium 603a via the external I / F 603. The recording medium 603a includes an IC card, a flexible disk, a CD, a DVD, an SD memory card, a USB memory, a SIM card, and the like.

The communication I / F 604 is an interface for connecting the image forming apparatus 22 to the IoT network 42. As a result, the image forming apparatus 22 can perform data communication via the communication I / F 604.

The printer 605 is a printing device for printing print data on an object to be delivered. For example, the object to be transported is not limited to paper such as paper, coated paper, cardboard, OHP, plastic film, prepreg, and copper foil. The scanner 606 is a reading device for reading image data (electronic data) from a document. Note that FIG. 3 shows an example of the image forming apparatus 22 as a multifunction device, and when the image forming apparatus 22 is not a multifunction device, it is not always necessary to include a printer 605 and a scanner 606. Further, it may have hardware other than those shown in FIG. 3, such as a camera and a lamp light source.

<< IoT controller >>
The IoT controller 24 of FIG. 1 is realized by, for example, a computer having a hardware configuration shown in FIG. FIG. 4 is a hardware configuration diagram of an example of an IoT controller.

The IoT controller 24 shown in FIG. 4 includes an external I / F701, a RAM702, a CPU703, a ROM704, an NVRAM705, and the like, and each of them is connected to each other by a bus B. The NVRAM 705 is an example of a non-volatile storage device that stores programs and data.

The external I / F701 is an interface with an external device. External devices include an image forming device 22, a recording medium, and the like. As a result, the IoT controller 24 can read and / or write a recording medium such as a flexible disk, a CD, a DVD, an SD memory card, a USB memory, or a SIM card via an external I / F701.

The ROM 704 is an example of a non-volatile semiconductor memory (storage device) capable of holding programs and data even when the power is turned off. The ROM 704 stores programs and data to be executed when the IoT controller 24 is started. The RAM 702 is an example of a volatile semiconductor memory (storage device) that temporarily holds programs and data. The CPU 703 is an arithmetic unit that realizes control and functions of the entire IoT controller 24 by reading a program or data from a storage device such as the ROM 704 or the NVRAM 705 onto the RAM 702 and executing processing. The CPU 703 may be realized by one processor or a plurality of processors. The IoT controller 24 can realize various processes as described later by the hardware configuration as shown in FIG. 4, for example.

<Software configuration>
Here, the software configuration of the information processing system 1 according to the present embodiment will be described, but the description of the configuration unnecessary for the description of the present embodiment will be omitted as appropriate.

<< IoT server >>
The IoT server 10 according to the present embodiment is realized by, for example, a processing block as shown in FIG. FIG. 5 is a processing block diagram of an example of the IoT server according to the present embodiment.

By executing the program, the IoT server 10 of FIG. 5 has, for example, a policy data providing unit 51, a report data management unit 52, a control flow providing unit 53, a policy data storage unit 55, a report data storage unit 56, and a control flow storage unit 57. Has been realized.

The policy data providing unit 51 provides the IoT controller 24 with the policy data described later. The policy data is stored in the policy data storage unit 55. The policy data stored in the policy data storage unit 55 is used for determining whether or not the user may execute the control flow described later.

The report data management unit 52 receives the report data from the IoT controller 24, and stores the received report data in the report data storage unit 56. The control flow providing unit 53 provides the IoT controller 24 with the control flow data described later. The control flow data is stored in the control flow storage unit 57. The control flow data stored in the control flow storage unit 57 is for centrally managing the control of the IoT device 30 in the entire organization such as a company.

<< Operation panel and image forming device >>
The operation panel 28 and the image forming apparatus 22 according to the present embodiment are realized by, for example, a processing block as shown in FIG. FIG. 6 is a processing block diagram of an example of the operation panel and the image forming apparatus according to the present embodiment.

The image forming apparatus 22 of FIG. 6 has a communication unit 61, a user management unit 62, and a user information storage unit 63. The communication unit 61 performs data communication with the outside via the IoT network 42. The user management unit 62 manages the user information stored in the user information storage unit 63. For example, the user management unit 62 performs user authentication by using the information read from the user's IC card or the like by the IC card reader 26 and the user information stored in the user information storage unit 63.

The operation panel 28 realizes, for example, a control flow creation reception unit 71 and a control flow implementation request unit 72 by executing a program. The control flow creation reception unit 71 displays, for example, a control flow creation screen, and accepts the creation of an individual control flow for the IoT device 30 in the office from the user. Further, the control flow execution request unit 72 requests the IoT controller 24 to execute the control flow selected by the user.

<< IoT controller >>
The IoT controller 24 according to the present embodiment is realized by, for example, a processing block as shown in FIG. 7. FIG. 7 is a processing block diagram of an example of the IoT controller according to the present embodiment.

The IoT controller 24 of FIG. 7 realizes a policy data management unit 81, an IoT device registration unit 82, a control flow management unit 83, a control flow implementation unit 84, an event control unit 85, and a report control unit 86 by executing a program. ing. Further, the IoT controller 24 realizes the IoT device control policy storage unit 91, the data access policy storage unit 92, the IoT device data storage unit 93, and the control flow storage unit 94.

The policy data management unit 81 stores and manages the IoT device control policy included in the policy data provided by the IoT server 10 in the IoT device control policy storage unit 91. Further, the policy data management unit 81 stores and manages the data access policy included in the policy data provided from the IoT server 10 in the data access policy storage unit 92.

The amount of policy data handled increases as the number of IoT devices 30 handled increases. Therefore, the policy data management unit 81 can save memory by providing an update process for deleting unnecessary policy data. As a method of deleting the policy data, for example, the following method can be considered.

As the first method, for example, when the IoT controller 24 receives a notification from the IoT server 10 that the corresponding policy data is no longer needed together with the information for specifying the policy data, the target policy data is deleted. be. Before deleting the policy data, the policy data management unit 81 may send information indicating which policy data to delete to the IoT server 10 together with the machine number of the own device as log information. With such a configuration, the IoT server 10 can grasp the status of which IoT controller 24 stores which policy data.

As the second method, a deadline is set in the policy data, the IoT controller 24 determines whether or not the deadline has passed, and if it is determined that the deadline has passed, the method is deleted in the same manner as the first method. There is. Similar to the first method, the policy data management unit 81 may send log information to the IoT server 10 before deleting the policy data.

The policy data management unit 81 determines whether the IoT device 30 related to the policy data received from the IoT server 10 is registered in the IoT device data storage unit 93 of the image forming apparatus 22, and if it is not registered, the policy data management unit 81 determines. You may notify the IoT server 10 that it has not been registered and delete the policy data.

In such a configuration, the policy data management unit 81 has a policy that the own device does not store the IoT device 30 from the image forming apparatus 22 to the IoT server 10 when the IoT device 30 is newly registered in the IoT device data storage unit 93. Inquire whether there is any policy data related to the newly registered IoT device 30 as data.

When the IoT server 10 determines that there is the corresponding policy data, the IoT server 10 can update the policy data stored in the IoT controller 24 by transmitting the corresponding policy data to the image forming apparatus 22. The details of the process of newly registering the IoT device 30 will be described later in FIG.

The IoT device registration unit 82 registers the IoT device 30 installed in the same office as the IoT device 30 belonging to a specific group in the IoT device data storage unit 93. The IoT device data storage unit 93 stores the IoT device data of the IoT device 30 belonging to a specific group.

The control flow management unit 83 stores and manages the control flow data provided by the IoT server 10 in the control flow storage unit 94. Further, the control flow management unit 83 stores and manages the control flow data created by the user on the operation panel 28 in the control flow storage unit 94 as control flow data.

The control flow execution unit 84 performs processing related to the execution of the control flow. If the user who requested the execution of the control flow is not prohibited from processing the control flow, the control flow execution unit 84 starts the execution of the control flow requested to be executed by the user. The event control unit 85 detects a request for execution of the control flow from the operation panel 28, reception of IoT device data from the IoT device 30, reading of information from an IC card or the like, etc. as events, and the control flow management unit 83 or Notify the control flow implementation unit 84.

Further, the report control unit 86 transmits the IoT device data stored in the IoT device data storage unit 93 to the IoT server 10 as report data in accordance with the data access policy stored in the data access policy storage unit 92.

<< IoT device >>
The IoT device 30 according to the present embodiment is realized by, for example, a processing block as shown in FIG. FIG. 8 is a processing block diagram of an example of the IoT device according to the present embodiment.

The IoT device 30 in FIG. 8 has a configuration including an IoT device registration request unit 101 and an IoT device data transmission unit 102. The IoT device registration request unit 101 requests IoT device registration for registering its own device in the IoT controller 24. The IoT device data transmission unit 102 transmits IoT device data to the IoT controller 24 that has registered the IoT device.

<Processing>
<< IoT device control processing >>
The information processing system 1 according to the present embodiment performs IoT device control processing by, for example, the procedure shown in FIG. FIG. 9 is a flowchart of an example of the IoT device control process according to the present embodiment.

In step S11, the policy data management unit 81 of the IoT controller 24 accesses the policy data providing unit 51 of the IoT server 10. The policy data management unit 81 receives policy data from the policy data provision unit 51 by designating the identification information (ID) of the organization that collectively manages the control of the IoT device 30 such as a company or a building. The IoT server 10 may manage the organization policy data in association with the above-mentioned identification information of the IoT controller 24 instead of the organization identification information (ID). The IoT server 10 may acquire the associated policy data by receiving the identification information of the IoT controller 24, and may provide the acquired policy data to the IoT controller 24 by the policy data providing unit 51. Further, the IoT server 10 may manage the identification information (ID) of the organization in association with the identification information of the IoT controller 24. The IoT server 10 identifies the organization identification information (ID) based on the received identification information of the IoT controller 24, acquires policy data based on the identified organization identification information (ID), and provides the policy data to the IoT controller 24. You may.

The policy data management unit 81 sets the IoT device control policy and the data access policy included in the received policy data. Specifically, the policy data management unit 81 sets the IoT device control policy by storing it in the IoT device control policy storage unit 91. Further, the policy data management unit 81 sets the data access policy by storing it in the data access policy storage unit 92.

Further, the control flow management unit 83 of the IoT controller 24 accesses the control flow providing unit 53 of the IoT server 10. The control flow management unit 83 receives the control flow data from the control flow providing unit 53 by designating the identification information (ID) of the organization that collectively manages the control of the IoT device 30 such as a company or a building. The control flow management unit 83 makes settings by storing the received control flow data in the control flow storage unit 94.

As with the policy data, the IoT server 10 may manage the organization control flow data in association with the above-mentioned identification information of the IoT controller 24 instead of the organization identification information (ID). The IoT server 10 may acquire the associated control flow data by receiving the identification information of the IoT controller 24, and may provide the acquired control flow data to the IoT controller 24 by the control flow providing unit 53. Further, the IoT server 10 may manage the identification information (ID) of the organization in association with the identification information of the IoT controller 24. The IoT server 10 identifies the organization identification information (ID) based on the received identification information of the IoT controller 24, acquires control flow data based on the identified organization identification information (ID), and transfers the control flow data to the IoT controller 24. May be provided.

By the process of step S11, the IoT controller 24 can acquire and set the policy data and the control flow data associated with the organization that collectively manages the control of the IoT device 30 from the IoT server 10.

Proceeding to step S12, the IoT device registration unit 82 of the IoT controller 24 searches for the IoT device 30 installed in the same office. The IoT device registration request unit 101 of the searched IoT device 30 requests the IoT device registration unit 82 of the IoT controller 24 to register the IoT device. The IoT device registration unit 82 registers the IoT device 30 that has requested the IoT device registration in the IoT device data storage unit 93 as the IoT device 30 belonging to a specific group.

Further, the IoT device data transmission unit 102 of the IoT device 30 that has requested the IoT device registration starts transmitting the IoT device data to the IoT controller 24 that has performed the IoT device registration. The event control unit 85 stores the IoT device data received from the IoT device 30 in the IoT device data storage unit 93.

Proceeding to step S13, the control flow execution unit 84 of the IoT controller 24 accepts the selection of the control flow to be executed from the user who operates the image forming apparatus 22. The control flow implementation unit 84 determines from the IoT device control policy whether or not the user who has selected the control flow is a user who is permitted to process the control flow.

If the user who has selected the control flow is a user who is permitted to process the control flow, the control flow execution unit 84 starts executing the control flow shown in FIG. 10, for example. FIG. 10 is a block diagram of an example of a control flow. The control flow of FIG. 10 has a control flow name, a condition, and a process as items. The control flow name is an example of identification information used by the user to identify the control flow. The processing is various processing for controlling the IoT device 30. The conditions are various conditions for processing the control flow.

For example, the control flow of FIG. 10 is a control flow for controlling an air conditioner, which is an example of the IoT device 30. The control flow in FIG. 10 is the process of "turning on the air conditioner" and the process of "setting the temperature to 25 ° C" when the conditions of "8:00 to 20:00 on weekdays" and the conditions of "temperature sensor 28 ° C or higher" are met. It means to do. Further, when the control flow in FIG. 10 meets the conditions of "8 o'clock to 20 o'clock on weekdays" and "temperature sensor 22 ° C. or lower", "air conditioner power ON" processing and "temperature set to 25 ° C." It represents that the processing of is performed.

The control flow execution unit 84 detects the control flow that matches the conditions by repeating the processes of steps S14 to S16 until the execution of the control flow is started and the user instructs the user to end the execution of the control flow. If there is a control flow that matches the conditions, the control flow implementation unit 84 proceeds to step S15 and controls the IoT device 30 according to the control flow that matches the conditions.

<< Processing in step S12 >>
FIG. 11 is a flowchart of an example of the process of step S12. In step S21, the IoT device registration unit 82 of the IoT controller 24 searches for the IoT device 30 installed in the same office. For example, the IoT device registration unit 82 searches for the IoT device 30 in the office by broadcasting.

The IoT device registration request unit 101 of the searched IoT device 30 (for example, receiving the broadcast) proceeds to step S22 and requests the IoT device registration unit 82 of the IoT controller 24 to register the IoT device. The request for IoT device registration includes, for example, device information of the IoT device 30 and available function (processing) information.

The device information of the IoT device 30 includes the above-mentioned identification information for identifying the communication destination, and the IoT device 30 can be distinguished by using the identification information. Further, the device information includes address information for identifying the IoT device 30 on the network such as an IP address, and by using the address information, it is possible to transmit data to the IoT device 30. The identification information that identifies the communication destination may be address information. The IoT device registration unit 82 of the IoT controller 24 registers the device information and available functional information of the IoT device 30 that has requested the IoT device registration in the IoT device data storage unit 93 as the IoT device 30 belonging to a specific group. ..

Proceeding to step S23, the IoT device data transmission unit 102 of the IoT device 30 that has requested the IoT device registration starts transmitting the IoT device data to the IoT controller 24 that has performed the IoT device registration. The event control unit 85 of the IoT controller 24 starts receiving the IoT device data from the IoT device 30 and storing the received IoT device data in the IoT device data storage unit 93.

<< Processing in step S13 >>
FIG. 12 is a flowchart of an example of the process of step S13. In step S31, the control flow implementation unit 84 of the IoT controller 24 authenticates the user who operates the operation panel 28, and identifies the user information of the user who operates the operation panel 28. Proceeding to step S32, the control flow execution unit 84 receives a selection of the control flow to be executed from the user who operates the image forming apparatus 22.

The process proceeds to step S33, and the control flow implementation unit 84 refers to the control flow of FIG. 10 and extracts the processing of the control flow selected by the user. The processing of the control flow extracted in step S33 is the processing of the IoT device 30 necessary for executing the control flow selected by the user.

The process proceeds to step S34, and the control flow execution unit 84 identifies a role included in the user information of the user who operates the image forming apparatus 22. Further, by referring to the IoT device control policy of FIG. 13, the control flow implementation unit 84 identifies the permitted and prohibited processes corresponding to the roles of the user who operates the image forming apparatus 22.

The control flow execution unit 84 is a process of the IoT device 30 necessary for executing the process permitted and prohibited according to the role of the user who operates the image forming apparatus 22 and the control flow selected by the user. Compare with processing. From the comparison result, the control flow execution unit 84 determines whether or not the user who operates the image forming apparatus 22 is prohibited from processing the IoT device 30 necessary for executing the control flow selected by the user.

In other words, the control flow implementation unit 84 determines from the IoT device control policy of FIG. 13 whether or not the user who has selected the control flow is a user who is permitted to process the control flow.

If not prohibited, the control flow execution unit 84 proceeds to step S36 and starts executing the control flow selected by the user in step S32. If prohibited, the control flow executing unit 84 proceeds to step S37, for example, causing the operation panel 28 to display an error.

That is, if the user who has selected the control flow is a user who is permitted to process the control flow, the control flow execution unit 84 starts executing the control flow selected by that user. Further, if the user who has selected the control flow is a user whose processing of the control flow is prohibited, the control flow execution unit 84 does not start the execution of the control flow selected by that user.

For example, in the case of the IoT device control policy of FIG. 13, the user whose role is the "administrative user" is permitted to perform "power ON / OFF" and "temperature setting" which are the processes of the "air conditioner" which is the IoT device 30. Further, the user whose role is "general user" is prohibited from "power ON / OFF" and "temperature setting" which are the processes of the "air conditioner" which is the IoT device 30.

If the role of the user who selected the control flow of FIG. 10 in step S32 is "administrative user", the control flow executing unit 84 determines that the user is permitted to "power ON / OFF" and "temperature setting". The implementation of the control flow of FIG. 10 is started. Further, if the role of the user who selected the control flow of FIG. 10 in step S32 is "general user", the control flow executing unit 84 determines that the user is prohibited from "power ON / OFF" and "temperature setting". However, the execution of the control flow of FIG. 10 is not started, and an error is displayed.

According to the process of FIG. 12, for example, by providing the control flow of the IoT device 30 owned by an organization such as a company from the IoT server 10, the control of the IoT device 30 can be collectively managed in the entire organization. Further, according to the process of FIG. 12, for example, by connecting the IoT controller 24 to the image forming apparatus 22 arranged one by one in one room, an authorized user can use a predetermined group such as an office unit or a room unit. You can select the control flow to be executed individually for each unit.

Therefore, for example, in a case where the control of air conditioning equipment is centrally managed in a company or a building, the control flow of the IoT device 30 in a certain office is selected from the control flow provided by the IoT server 10 to an authorized user. It is also possible to operate it so that it can be operated. By letting an authorized user make a selection, security and safety can be ensured in the process of FIG.

The process of step S13 can also be performed as shown in FIG. FIG. 14 is a flowchart of another example of the process of step S13. In step S41, the control flow execution unit 84 of the IoT controller 24 authenticates the user who operates the operation panel 28, and identifies the user information of the user who operates the operation panel 28.

Proceeding to step S42, the control flow creation reception unit 71 of the operation panel 28 displays, for example, a control flow creation screen as shown in FIG. 15, and accepts the creation of the control flow from the user. FIG. 15 is an image diagram of an example of the control flow creation screen. The control flow creation screen of FIG. 15 is a screen image in which a control flow for controlling the IoT device 30 which is an air conditioner is created by inputting an output (temperature data) from the IoT device 30 which is a temperature sensor. For example, Node-RED, which is an example of an application development tool, can be used for the control flow creation screen.

For example, an example of the control flow created by the user in step S42 is the control flow shown in FIG. The control logic created on the control flow creation screen corresponds to the data indicating the conditions and processing of the control flow of FIG. Further, the temperature sensor and the air conditioner displayed on the control flow creation screen of FIG. 15 can be selected from the IoT device 30 registered in step S12 of FIG. Further, the control logic displayed on the control flow creation screen of FIG. 15 can be created based on the function of the IoT device 30 that can be grasped by executing step S12 of FIG.

It should be noted that the user who has not performed the authentication in step S41 may be permitted to create the control flow on the control flow creation screen of FIG. Further, the control flow can be created on the control flow creation screen from a user terminal capable of communicating with the IoT controller 24 in addition to the operation panel 28.

Further, the process proceeds to step S43, and the control flow execution unit 84 receives from the user a request for execution of the control flow created by the user in step S42. The process proceeds to step S44, and the control flow implementation unit 84 extracts the process of the control flow created by the user. The process of the control flow extracted in step S44 is the process of the IoT device 30 necessary for executing the control flow created by the user.

Proceeding to step S45, the control flow execution unit 84 identifies a role included in the user information of the user who operates the image forming apparatus 22. Further, by referring to the IoT device control policy of FIG. 13, the control flow implementation unit 84 identifies the permitted and prohibited processes corresponding to the roles of the user who operates the image forming apparatus 22.

The control flow execution unit 84 is a process of the IoT device 30 necessary for executing the process permitted and prohibited according to the role of the user who operates the image forming apparatus 22 and the control flow created by the user. Compare with processing. From the comparison result, the control flow execution unit 84 determines whether or not the user who operates the image forming apparatus 22 is prohibited from processing the IoT device 30 necessary for executing the control flow created by the user.

In other words, the control flow implementation unit 84 determines from the IoT device control policy of FIG. 13 whether or not the user who created the control flow is a user who is permitted to process the control flow.

If not prohibited, the control flow execution unit 84 proceeds to step S47, and starts reflecting the control flow created by the user in step S42 to the control flow storage unit 94 and executing the control flow created by the user. do. If prohibited, the control flow implementation unit 84 proceeds to step S48, for example, causing the operation panel 28 to display an error.

That is, if the user who created the control flow is a user who is permitted to process the control flow, the control flow execution unit 84 starts reflecting and executing the control flow created by that user. Further, if the user who created the control flow is a user whose processing of the control flow is prohibited, the control flow execution unit 84 does not start reflecting and executing the control flow created by the user.

According to the process of FIG. 14, an authorized user can individually create and execute a control flow in a predetermined group unit such as an office unit. For example, by connecting the IoT controller 24 to the image forming apparatus 22 arranged one by one in one room, it is possible to create and execute a control flow for each room.

As a specific example, it is assumed that the information processing system 1 according to the first embodiment implements the control flow of FIG. 10 for controlling the IoT device 30 which is an air conditioner so that the temperature does not drop from a uniform temperature in the entire building. .. Further, it is assumed that the operation of the IoT device 30 installed in the office is controlled by the IoT device 30 in the office.

In this case, for example, when a specific employee goes to work on a holiday, he / she may want to implement a control flow that can control the operation of the IoT device 30 which is an air conditioner in cooperation with the IoT device 30 which is a temperature sensor only in the office of the employee. .. However, if anyone can freely select and implement a control flow, there may be problems in security and safety.

According to the information processing system 1 according to the first embodiment, the control flow can be flexibly changed in units of the IoT devices 30 belonging to a predetermined group while considering security and safety.

If the user who operates the image forming apparatus 22 is prohibited from a part of the processing of the IoT device 30 necessary for executing the control flow, the control flow executing unit 84 may deal with it as follows. For example, the control flow execution unit 84 may present the control flow excluding the prohibited processing and the content of the excluded processing to the user, and accept the selection of whether or not to execute the presented control flow.

When the selection of "do not execute" is accepted, the control flow implementation unit 84 does not execute the control flow except for the prohibited processing. When the selection of "implement" is accepted, the control flow implementation unit 84 starts reflecting and implementing the control flow excluding the prohibited processing.

For example, a control flow process that includes a process of "notifying a user terminal that a condition is satisfied" that is permitted by a general user and a process of "turning on the air conditioner power" that is prohibited by a general user. Suppose there was. The policy does not prohibit the process of "notifying the user terminal that the conditions are met". Therefore, a general user can also execute the control flow of the process of "notifying the user terminal that the condition is satisfied".

Therefore, the control flow implementation unit 84 presents that "the power of the air conditioner is prohibited, but it is permitted if only the user terminal is notified when the condition of the temperature sensor is satisfied", and this control flow is executed. You may let the user choose whether or not to do so. Further, the control flow execution unit 84 may not present the control flow to the user, but may automatically reflect and execute the control flow excluding the prohibition process.
[Other embodiments]
The first embodiment has described a control flow capable of controlling the operation of the IoT device 30 which is an air conditioner in cooperation with the IoT device 30 which is a temperature sensor, but is not limited thereto.

For example, as another embodiment, a control flow for controlling the IoT device 30 which is an air conditioner to “power ON” in cooperation with the “power ON” of the IoT device 30 which is a lighting device can be considered. Further, a control flow for controlling the IoT device 30 which is a lighting device to "power ON" in cooperation with the "power ON" of the IoT device 30 which is a projector and controlling to lower the set temperature of the IoT device 30 which is an air conditioner. And so on.

Further, in cooperation with the "power ON" of the IoT device 30 which is a projector, the control is controlled so as to lower the brightness of the IoT device 30 which is a lighting device, and the control is controlled so as to lower the set temperature of the IoT device 30 which is an air conditioner. Flow etc. can be considered.

The present invention is not limited to the above-described embodiment disclosed specifically, and various modifications and modifications can be made without departing from the scope of claims. It goes without saying that the information processing system 1 described in this embodiment is an example, and there are various system configuration examples depending on the intended use and purpose.

1 Information processing system 10 IoT server 20 Firewall 22 Image forming device 24 IoT controller 26 IC card reader 28 Operation panel 30 IoT device 40, 42 Network 51 Policy data providing unit 52 Report data management unit 53 Control flow providing unit 55 Policy data storage unit 56 Report data storage unit 57 Control flow storage unit 61 Communication unit 62 User management unit 63 User information storage unit 71 Control flow creation reception unit 72 Control flow implementation request unit 81 Policy data management unit 82 IoT device registration unit 83 Control flow management unit 84 Control flow implementation unit 85 Event control unit 86 Report control unit 91 IoT device control policy storage unit 92 Data access policy storage unit 93 IoT device data storage unit 94 Control flow storage unit 101 IoT device registration request unit 102 IoT device data transmission unit 500 Computer 501 Input device 502 Display device 503, 603, 701 External I / F
503a, 603a Recording medium 504, 612, 702 RAM
505, 613, 704 ROM
506, 611, 703 CPU
507, 604 Communication I / F
508,615 HDD
601 Controller 605 Printer 606 Scanner 614, 705 NVRAM
B bus

Special Table 2016-515328A. Japanese Unexamined Patent Publication No. 2014-235441

Claims (16)

An information processing device that controls the processing of one or more of the devices belonging to the group by an effective control flow based on the data transmitted from one or more devices belonging to the group via the network.
For each of the plurality of different processes of the device, policy data in which the first role of the first user to which the corresponding process is permitted and the second role of the second user to which the corresponding process is prohibited is set. With the policy data storage means for storing in the group unit,
A control flow storage means for storing a control flow associated with a condition and a plurality of different processes of the device executed when the condition is satisfied in a group unit.
With respect to a plurality of different processes of the device executed when the user who requested the execution of the control flow satisfies the conditions of the control flow requested to execute the control flow, the plurality of different processes in the policy data are any of the above. Based on the requested user's role and the policy data, whether the first user is permitted or the second user is prohibited from processing any of the plurality of different processes. If it is determined that the user is the first user, the control flow is enabled to control a plurality of different processes of the device in the group unit based on the enabled control flow. However, when it is determined that the user is the second user, the control flow executing means that does not execute the entire control flow associated with the plurality of different processes of the device including the process of the prohibited device. ,
Information processing device with. When the created request for executing the control flow is received from the user, the device processing executed when the user who requested the execution of the control flow satisfies the condition of the control flow is the policy data. Control flow management means, which reflects the control flow to the control flow storage means of the control flow, if it is not permitted or prohibited in the above.
The information processing apparatus according to claim 1, further comprising. The second aspect of claim 2, wherein the control flow management means acquires the control flow of an organization including the group from a server device connected via the network and stores the control flow in the control flow storage means. Information processing device. A device registration means that searches for one or more of the devices belonging to the group connected via the network, registers the searched one or more of the devices, and starts receiving data from the devices.
The information processing apparatus according to any one of claims 1 to 3. A policy data management means that acquires the policy data from a server device connected via the network and stores the policy data in the policy data storage means.
The information processing apparatus according to any one of claims 1 to 4. The information processing device is connected to the network via one device included in one or more devices, and communicates via the network by using the communication function of the connected device. The information processing apparatus according to any one of claims 1 to 5, wherein the information processing apparatus is characterized by the above. 6. The information processing apparatus according to claim 6, wherein the information processing apparatus receives a request for execution of the control flow from the user by using an operation panel connected to the device included in the device. Information processing equipment. The information processing device according to claim 6 or 7, wherein the information processing device authenticates the user by using an authentication device connected to one device included in the device. .. 6. 7. The information processing apparatus according to 7. The information processing device according to claim 6 or 7, wherein the information processing device receives a request for creating a control flow from the user who operates a user terminal connected via the network. The control flow executing means is a part of the policy data in which a plurality of different processes of the device executed when the user who requested the execution of the control flow satisfies the conditions of the controlled flow requested to be executed. If prohibited, the control flow in which the processing of the partially prohibited device is excluded from the requested control flow and the content of the processing of the excluded device are presented, and the presented control flow is displayed. The group unit based on the control flow enabled by accepting the selection of whether to execute or not, and enabling the presented control flow excluding the prohibited processing when the selection to be executed is accepted. The information processing apparatus according to any one of claims 1 to 10, wherein the processing of the device is controlled. A control method for an information processing device that controls the processing of one or more devices belonging to a group by an effective control flow based on data transmitted from one or more devices belonging to the group via a network.
The information processing device
For each of the plurality of different processes of the device, policy data in which the first role of the first user to which the corresponding process is permitted and the second role of the second user to which the corresponding process is prohibited is set. In the policy data storage means in the group unit, and
A step of storing a control flow associated with a condition and a plurality of different processes of the device executed when the condition is satisfied in the control flow storage means in the group unit.
With respect to a plurality of different processes of the device executed when the user who requested the execution of the control flow satisfies the conditions of the control flow requested to execute the control flow, the plurality of different processes in the policy data may be any of the above. Based on the requested user's role and the policy data, whether the first user is permitted or the second user is prohibited from processing any of the plurality of different processes. If it is determined that the user is the first user, the control flow is enabled to control a plurality of different processes of the device in the group unit based on the enabled control flow. However, when it is determined that the user is the second user, the step of not executing the entire control flow to which the plurality of different processes of the device including the process of the prohibited device are associated is not executed.
Control method having. An information processing device that controls the processing of one or more of the devices belonging to the group by an effective control flow based on the data transmitted from one or more devices belonging to the group via the network.
For each of the plurality of different processes of the device, policy data in which the first role of the first user to which the corresponding process is permitted and the second role of the second user to which the corresponding process is prohibited is set. Is stored in the group unit, the policy data storage means,
A control flow storage means for storing a control flow associated with a condition and a plurality of different processes of the device executed when the condition is satisfied in a group unit.
With respect to a plurality of different processes of the device executed when the user who requested the execution of the control flow satisfies the conditions of the control flow requested to execute the control flow, the plurality of different processes in the policy data are any of the above. Based on the requested user's role and the policy data, whether the first user is permitted or the second user is prohibited from processing any of the plurality of different processes. If it is determined that the user is the first user, the control flow is enabled to control a plurality of different processes of the device in the group unit based on the enabled control flow. However, when it is determined that the user is the second user, the control flow executing means that does not execute the entire control flow to which a plurality of different processes of the device including the process of the prohibited device are associated .
A program to function as. A device that controls the processing of one or more other devices belonging to the group with an effective control flow based on data transmitted over the network from one or more other devices belonging to the group.
For each of the plurality of different processes of the device, policy data in which the first role of the first user to which the corresponding process is permitted and the second role of the second user to which the corresponding process is prohibited is set. With the policy data storage means for storing in the group unit,
A control flow storage means for storing a control flow associated with a condition and a plurality of different processes of the device executed when the condition is satisfied in a group unit.
With respect to a plurality of different processes of the device executed when the user who requested the execution of the control flow satisfies the conditions of the control flow requested to execute the control flow, the plurality of different processes in the policy data are any of the above. Based on the requested user's role and the policy data, whether the first user is permitted or the second user is prohibited from processing any of the plurality of different processes. If it is determined that the user is the first user, the control flow is enabled to control a plurality of different processes of the device in the group unit based on the enabled control flow. However, when it is determined that the user is the second user, the control flow executing means that does not execute the entire control flow associated with the plurality of different processes of the device including the process of the prohibited device. ,
Devices with. One or more devices belonging to the group and an information processing device that controls the processing of the one or more devices belonging to the group based on the data transmitted from the device via the network by an effective control flow. It is an information processing system that you have
For each of the plurality of different processes of the device, policy data in which the first role of the first user to which the corresponding process is permitted and the second role of the second user to which the corresponding process is prohibited is set. With the policy data storage means for storing in the group unit,
A control flow storage means for storing a control flow associated with a condition and a plurality of different processes of the device executed when the condition is satisfied in a group unit.
With respect to a plurality of different processes of the device executed when the user who requested the execution of the control flow satisfies the conditions of the control flow requested to execute the control flow, the plurality of different processes in the policy data are any of the above. Based on the requested user's role and the policy data, whether the first user is permitted or the second user is prohibited from processing any of the plurality of different processes. If it is determined that the user is the first user, the control flow is enabled to control a plurality of different processes of the device in the group unit based on the enabled control flow. However, when it is determined that the user is the second user, the control flow executing means that does not execute the entire control flow associated with the plurality of different processes of the device including the process of the prohibited device. ,
Information processing system with. One or more devices belonging to the group and an information processing device that controls the processing of the one or more devices belonging to the group based on the data transmitted from the device via the network by an effective control flow. It is a control method of the information processing system that it has.
For each of the plurality of different processes of the device, policy data in which the first role of the first user to which the corresponding process is permitted and the second role of the second user to which the corresponding process is prohibited is set. In the policy data storage means in the group unit, and
A step of storing a control flow associated with a condition and a plurality of different processes of the device executed when the condition is satisfied in the control flow storage means in the group unit.
With respect to a plurality of different processes of the device executed when the user who requested the execution of the control flow satisfies the conditions of the control flow requested to execute the control flow, the plurality of different processes in the policy data may be any of the above. Based on the requested user's role and the policy data, whether the first user is permitted or the second user is prohibited from processing any of the plurality of different processes. If it is determined that the user is the first user, the control flow is enabled to control a plurality of different processes of the device in the group unit based on the enabled control flow. However, when it is determined that the user is the second user, the step of not executing the entire control flow to which the plurality of different processes of the device including the process of the prohibited device are associated is not executed.
Control method having.

Images